Hi all, we are experiencing a strange behaviour using Shiro in conjunction with Tomcat versioning/naming feature (https://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Naming). Let's suppose that we have a deployed app named app##01.war on which we have several logged users. If we realease a new version of our webapp (app##02.war), after the webapp is started up by tomcat, users on the instance ##01 start receiving 401 Unauthorized from the server and they are automatically redirected to login page.
It seems that sessions of both webapp instances are treated in the same pool. How can we separate the session handling in order to avoid any interference between the instances? Any help would be appreciated. Thanks. Matteo A. I leave here our shiro.ini configuration: [main] cookie = org.apache.shiro.web.servlet.SimpleCookie cookie.name = wtSessionId cookie.path = / sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager sessionListener = com.sonicle.webtop.core.app.ShiroSessionListener sessionManager.sessionIdCookie = $cookie securityManager.sessionManager = $sessionManager securityManager.sessionManager.sessionIdCookieEnabled = true securityManager.sessionManager.sessionIdUrlRewritingEnabled = false securityManager.sessionManager.globalSessionTimeout = 900000 securityManager.sessionManager.sessionListeners = $sessionListener cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager securityManager.cacheManager = $cacheManager realm = com.sonicle.webtop.core.shiro.WTRealm securityManager.realms = $realm authc = com.sonicle.webtop.core.shiro.WTFormAuthFilter authc.loginUrl = /login authc.successUrl = / authc.usernameParam = wtusername authc.passwordParam = wtpassword authc.rememberMeParam = wtrememberme authc.failureKeyAttribute = loginFailure -- Sent from: http://shiro-user.582556.n2.nabble.com/
